This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 91%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EOG%3C/text%3E%3C/svg%3E)
Client replaced his Adfs token and decryption certificates a month ago and users had been complaining of slow authentication.
I took a look and found that the secondary node appears to still be using the old certificates
Errors are event 381 An error occurred during an attempt to build the certificate chain for configuration certificate identified by thumbprint 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. Possible causes are that the certificate has been revoked or certificate is not within its validity period.
I have attempted to restart the secondary server and restart the service which did not work
i took al ook in the private cert store for the service account and found that the new certs are not present on the secondary node and it is attempting to use the old ones.
Exporting and importing from the primary manually doesnt seem possible as it requires exporting with the private key and that option is greyed out.
Is there any way for me to force the secondary to update with the new correct certificates ?
Restart did not work. restart of the adfs service did not work
Would making the secondary into primary force it to pickup the correct certs?